Cipher Security - Part 1, by East Sierra Sage

[Editor’s Note: This is good information, but readers should note that simple transposition ciphers of any type can be easily broken. Only One Time Pads and book codes offer any reasonable level of cipher security.]

My Nom de Plume is “East Sierra Sage”, and I’m writing about cipher security. I am a Retired Marine Infantry Staff Non-Commissioned Officer. I served multiple combat tours in Iraq, as well as most of the “skirmishes” the U.S. got involved in leading up to the global war on terror. Two tours were served as an instructor of Mountain Warfare training for the Marine Corps. I have taught “Survival in the Mountains” and have trained combat staff members in command post operations. I have taught Navy SEALs, Army Special Forces, Army Rangers, and Air Force Pararescue operators, as well as numerous foreign military personnel.

My Life, Career, and Lessons Learned in Intelligence Reporting

During my career I was “voluntold” to write ground-up Intelligence reporting to higher headquarters. These tasks, though uninspiring at first, would eventually teach me many ways to deliver “secure” messages via plain text or open source communications formats, as well as teach me the way Intelligence personnel conduct predictive analysis in order to synchronize Infantry operations to anticipate enemy actions and get personnel “left of bang”.

Husband, Father, and Patriot With a “Network”

I am a husband, a father, and a self-proclaimed patriot. I live in the East Sierra mountains where the population is sparse and the human footprint is very light. (Thank the Lord!) I have family and friends who live in Orange County and San Diego County, California. (These folks are my “Network”.)

My Network Getting Out of Densely Packed Region

My network would have a very difficult time getting out of that densely packed region, should there ever be civil unrest, a collapse of the economy, or, as all Californians fear, the “big one” shakes us beyond immediate repair. Given the population density and the nebulous highway system of Southern California, I am almost sure of the fact that my network would face many challenges getting out of the Southern California region. My mountain home is the place that they will all come to if necessary.

Never Broadcast Intentions To Enemy

One of the many things I learned, in more than twenty years in the Marine Corps, was to never broadcast your intentions to the enemy! In life, I have learned to never broadcast my intentions to those who seek to stop me from achieving my goals. I rarely broadcast my intentions outside my network.

Tactics, Techniques, and Procedures for OPSEC

The tactics, techniques, and procedures (TTPs) I intend to introduce to the readers are intended to bolster the reader’s operational security (or OPSEC). Most people exercise OPSEC in their lives and do not even realize it. If you shred your bills before disposing of them in the trash, you exercise personal OPSEC. Every teenager who has ever passed a “Love Note” in class and had the note intercepted by the teacher and read to the class certainly wished they’d exercised some form of OPSEC. Now, imagine that instead of an English Literature teacher, malevolent operators read and understood your message. The situation wouldn’t be embarrassing; it could potentially be deadly.

Many Methods to Codify Messages

In my life’s experiences, I learned that there are many methods available to codify or align messages for broadcast. We all know that insidious actors and “Big Brother” see and hear all. But what if these malevolent forces don’t understand what is being put out in the ether?

Brevity: Small, Manageable Pieces of Information

One way to throw off the unintended recipient of your broadcast is to codify and organize your information into small manageable pieces. While on active duty, I noticed that when communicating it was essential to use brevity, because the recipient is busy trying to write down or record the message while trying to gain instant understanding or compliance with the broadcasted message. Ask any person who has been involved with Signals Intelligence, Combat Arms, or communications. Brevity may often ensure security. The transmitter needs to keep transmissions brief and concise.

Codifying Messages With a Cypher Sheet

By codifying a prearranged series of messages, your broadcasts will be more discreet. I have designed a method for communicating with my network, using a “cypher sheet”. This sounds very cloak and dagger, but the truth is that all you need to do is think about the kinds of messages that need to be conveyed and manipulate a spreadsheet.

Perfect Practice Makes Perfect

Vince Lombardi once stated that his team won, not because of practice but because “perfect practice makes perfect”. With this mantra in mind, we practice, often! In order to ensure effective, secure communications, I drilled my network in person.

Communicating Via Telephone or Email

My network all agree that communicating via telephone or via email is effective, as long as the users are well versed in the standard operating procedures (SOPs). Telephonic and email communications are an “Open Source”, as they are not inherently secure and can easily be monitored by criminals, “big brother”, or other unintended monitors to your message traffic.

Cypher Cycle, Standard Rollover

In order to keep our cypher sheets from becoming compromised, we currently rotate our cyphers based on a routine cycle. This is the part where I want the reader to know that all members of my network know to conduct a “standard rollover” on the “7th” of every month.

Emergency Cypher Rollover

I also designed procedures for establishing an “emergency rollover”. If we suspect that someone has compromised our system, or we suspect “Big Brother” is listening, we mention the code word in the cell “L4”. We do not actually say the words, “Hey friend, I think we have been compromised.” Instead, we simply broadcast: “Lima-four, Lima-four, Lima-four, I say again, Lima-four, Lima-four, Lima-four.” When the other party or parties hear this, they immediately “roll over” to the next designated cypher sheet. Whether it is an actual emergency may be debatable among you readers, but in our network we have agreed that if we have been compromised, it’s an emergency!!!

Comprehensive Cypher Sheets

My cypher sheets are comprehensive, not complex. I create the document in portrait setting. Then I make vertical cells which are lettered and horizontal cells that are numbered. I recommend that you scramble the order of the alphanumeric symbols. I have incorporated numerous redundancies. My network has cypher sheets that have several different versions.

Cypher Sheet Names

I like good whiskey, so I named cypher sheets: “Jack”, “Jameson”, “Bushmills”, et cetera. My network members designed alternate cypher sheets named after beer: “Bush”, “Miller”, “Coors”, “Pabst”, et cetera. Whatever you name them, the important thing to remember is to incorporate a system of rotation. It is absolutely crucial that all members of the network are trained and briefed regularly to ensure proficiency and to avoid false emergency rollovers.

Categories and Names

On the cypher sheets are categories like ammunition status, medical status, and key members of our extended group, Cell “D-4”. Jagger and McCartney are the “noms de guerre” of two members of our collective group. Never state actual names of people in the network. Remember, the name of the game is OPSEC. Okay, so there may be a little cloak and dagger. At least my network is having fun while learning important lessons!

Highways

My network established that if it were necessary to bug out to my location here in the mountains, there would need to be several major highways listed for them to reference. The most direct route to my place is obviously going to be the first choice of practically anyone heading north out of the Los Angeles, San Diego, Orange County, San Bernardino County, or the “Inland Empire”, under normal circumstances. In this region, there are easily 20 million residents. So my network needs to have primary, alternate, and supplemental route choices. By our standards, a supplemental route gets you here to my location via a route that requires the member to exit California.

It can also mean that the member may end up staying in that state for some reason, if deemed necessary to preserve the secrecy of my place. There is one other option, where a member has arranged to go to Las Vegas to pick up an elderly mother, who cannot make it in her current location if there were some sort of catastrophe to affect Las Vegas as well as California.

Tomorrow, we will go into more detail and provide an example with illustration of how our network uses a cypher sheet.


9 Comments

There are computer programs to generate OTPs but I have read that anything that attaches to the internet can develop a signature and isn’t truly random. The people at AmRRON have recently developed a stand-alone machine that will generate and print OTPs that are completely random. https://amrron.com/2018/03/18/amrron-dark-labs-otp/

Thanks for the link. Totally agree with you about Bruce Schneier. His book Applied Cryptography is a great read; however, his criticism of one time pads is directed towards their use in the digital realm.

Key distribution is indeed a difficult issue and discipline in use is paramount to maintaining integrity of encrypted material (Soviet example: pads were reused). Notice though that he did not say one time pads were insecure, just the opposite. Once encrypted, the cypher text can be transmitted by any means available to you: email, a web page like paste bin, over the air (radio, numbers stations) or even painted on a wall or on a billboard. As long as the key is not compromised (reusing compromises the key) the message is secure.

One time pads are a tool, just like PGP encryption, symmetric cyphers, etc. Use the correct tool for the task at hand. In a grid down situation you’re not going to use PGP or other encryption methods that are computer based, you’re going to use 10 sided dice or something like this, https://amrron.com/2018/03/18/amrron-dark-labs-otp/ Check it out for yourself, schematics and source code are on that page. Don’t trust, verify. (In the interest of full disclosure, I am involved with that product.)

One time pads are a “meatspace” encryption tool, and that’s where it counts.
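
The pad-reuse point made in the comment above, as an added example (not part of the original comments or of any product they mention): a letter-based one-time pad using addition mod 26, showing that subtracting two ciphertexts made with the same pad cancels the key and leaves only the difference of the two plaintexts. All function names and the sample messages are constructed for illustration.

```python
import secrets
import string

A = string.ascii_uppercase  # messages and pads use letters A-Z only

def make_pad(n):
    """Draw n pad letters from the OS CSPRNG (a stand-in for dice rolls)."""
    return "".join(secrets.choice(A) for _ in range(n))

def _combine(text, key, sign):
    # Letter-wise (text + sign*key) mod 26; the pad must cover the whole message.
    if len(key) < len(text):
        raise ValueError("pad shorter than message; never repeat or wrap it")
    return "".join(A[(A.index(t) + sign * A.index(k)) % 26]
                   for t, k in zip(text, key))

def encrypt(plain, pad):
    return _combine(plain, pad, +1)

def decrypt(cipher, pad):
    return _combine(cipher, pad, -1)

def difference(x, y):
    """Letter-wise x - y mod 26 (no key involved)."""
    return _combine(x, y, -1)

class PadBook:
    """Issues each pad page once and discards it, so reuse cannot happen."""
    def __init__(self, pages):
        self._pages = list(pages)

    def next_pad(self):
        if not self._pages:
            raise RuntimeError("pad book exhausted; distribute fresh pads")
        return self._pages.pop(0)

def leak_from_reuse(m1, m2):
    """Encrypt two equal-length messages with the SAME pad, return c1 - c2.
    The pad cancels: (m1 + k) - (m2 + k) = m1 - m2 (mod 26)."""
    pad = make_pad(len(m1))
    return difference(encrypt(m1, pad), encrypt(m2, pad))

if __name__ == "__main__":
    m1, m2 = "MOVEATDAWN", "HOLDATBASE"   # constructed sample messages
    book = PadBook(make_pad(len(m1)) for _ in range(2))
    p1, p2 = book.next_pad(), book.next_pad()
    # Correct use: two pads, so the ciphertext difference is random noise.
    print("fresh pads:", difference(encrypt(m1, p1), encrypt(m2, p2)))
    # Reuse: same output on every run; 'A' marks positions where m1 == m2.
    print("reused pad:", leak_from_reuse(m1, m2))
```

The reused-pad line is identical on every run even though the pad is random each time, which is exactly the information a pad is supposed to hide.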

Another option is the “Book Cipher,” although it’s more suited for “base station” operations than the field.
Each person has a copy of the same book – same edition, same printing – exactly the same. Best to purchase (with cash) two or more of the books from the same book seller to avoid buying different versions. Buying more than two may require researching a few book stores to ensure their versions are exactly the same, again purchased with cash.
From there, the code uses page number, line number and letter on that line. For example: 121/32/11 = page 121, line 32, word 11 on that line starts with an “s.” More cumbersome but it works pretty well until the book is compromised…then it’s on to the next book in the cycle. A schedule can be set to rotate between books. Since it also may take more time to encode and decode, as the author says, keep it concise.
For field operations, you can tear out an agreed upon page and take it with you, but not ideal.
For numbers, in a time-sensitive situation, use any symbol other than the number, an “* (asterisk)”, “$”, “&” sign before a letter: *a = 0, *b = 1, up to *j = 9. Note that encoding numbers this way does not require the book, but it’s also easily deciphered. The book cipher can be used for numbers that are critical.
The Book Cipher may not be perfect, but it may be simpler for some to learn and use, and no software involved.
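
The page/line/word scheme from the comment above, as an added example (not the commenter's code): each letter is replaced by a reference to a word that starts with it, as in the comment's 121/32/11 illustration, no location is used twice within a message, and decoding against a different printing shows why both copies must be identical. The two tiny "books" and all function names are constructed for illustration.

```python
import secrets
from collections import defaultdict

# Constructed sample "books": {page: [line, ...]}. BOOK_B is a different
# printing with one extra word on page 1, line 1.
BOOK_A = {
    1: ["the evening sun set over eastern mountains",
        "many travelers sought shelter near the old mill"],
    2: ["every member of the team ate supper early",
        "snow moved east toward the summit at night"],
}
BOOK_B = dict(BOOK_A)
BOOK_B[1] = ["the late evening sun set over eastern mountains", BOOK_A[1][1]]

def index_book(book):
    """Map first letter -> list of 1-based (page, line, word) locations."""
    idx = defaultdict(list)
    for page, lines in book.items():
        for ln, text in enumerate(lines, 1):
            for wn, word in enumerate(text.split(), 1):
                if word[0].isalpha():
                    idx[word[0].lower()].append((page, ln, wn))
    return idx

def encode(message, book, rng=None):
    rng = rng or secrets.SystemRandom()
    idx, out = index_book(book), []
    for ch in message.lower():
        if not ch.isalpha():
            continue                      # drop spaces and punctuation
        if not idx[ch]:
            raise ValueError(f"no unused word starting with {ch!r} in book")
        # Pick a random matching word and remove it so it is never reused.
        out.append("%d/%d/%d" % idx[ch].pop(rng.randrange(len(idx[ch]))))
    return " ".join(out)

def decode(groups, book):
    letters = []
    for group in groups.split():
        page, ln, wn = (int(x) for x in group.split("/"))
        try:
            letters.append(book[page][ln - 1].split()[wn - 1][0].lower())
        except (KeyError, IndexError):
            letters.append("?")           # location missing in this copy
    return "".join(letters)

if __name__ == "__main__":
    sent = encode("meet east", BOOK_A)
    print(sent, "->", decode(sent, BOOK_A), "| other printing:", decode(sent, BOOK_B))
```

Locations are only tracked within one call here; avoiding reuse across messages would mean striking used words out of the shared book by hand.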
